SSL related problems

I am having trouble accessing my server in https mode,
I can access it fine via http, but not in secure mode.
I have configured a public (CA) Certificate and I believe it is correct because apache2 asks for the passphrase and I can go into secure mode if I use the servers name. I get the following messages when restarting apache. The messages are followed by the apahce2 Vhosts_ispconfig.conf file. Any help would be much appreciated. I am way behind on this project.

Starting httpd2 (prefork) [Wed Dec 28 15:58:16 2005] [warn] VirtualHost 192.168.3.170:443 overlaps with VirtualHost 192.168.3.170:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Dec 28 15:58:16 2005] [warn] NameVirtualHost 192.168.3.170:80 has no VirtualHosts
Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Till thanks for looking at this. Firefox returns a time out message. I think the problem is somehow related to the fact that the machine is named amgsrv1.anthem-group.com. It is on a local domain named anthem-group.com. I have defined www.amg01.info as a virtual host and send both http and https requests from the fire wall to the IP & port defined for the virtual server which is named www.amg01,info. This is the same as the machines IP address. I can reach the machine using https:amgsrv1.anthem-group.com, but the certifcate indicates that the domain name in the certificate was not matched.
I just happed to think, what would happen if I used a different IP address to define the virtual host? I will try that, in the meantime I hope I have provided enough info to help solve my problem.

No Luck I still cannot access https://www.amg01.info even though apache apparently "sees" the certificates because it requires me to enter one before apache will boot.
Happy new year to all.

Well, in my haste to find a solution I screwed things up so bad I had to reinstall everything to make sure I brought everything back to where it was before my screw up. I was hoping that by reinstalling my problem would miraculously go away, so much for miracles. I guess the good news is I am right back where I started. The bad news is I still have the problem. I can access my site by a domain name using http, but the browser times out when trying to access the site via https.

Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings. I do not know how to make these changes in Ispconfig, so I must edit the file directly. The second is, do not make any mistakes when creating a web site using Ispconfig. If you do make a mistake and try again Ispconfig adds one to the web site and by the time you create a “good” site it is web3 or web4. I am not sure if the implicit save is a good thing for my bad typing. Also, is there a problem if I use the newest version of phpMyAdmin? I noticed that the current version is several versions ahead of the one I have been using.

I have added the public SSL certificate and when I reboot apache2 it asks for the passphrase, when entered apache2 starts OK, so it looks like apache2 knows there is a valid SSL certificate.

These are my current settings for the /etc/apache2/vhosts/Vhosts_ispconfig.conf file, followed by my host and domain settings. – Falko which log files?

Did you use any of the howtos provided at howtoforge to setup your server for ISPConfig?

senzapaura said:

Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings.I do not know how to make these changes in Ispconfig, so I must edit the file directly.

Click to expand...

Simply put you additional directives in the Apache directives field of the website.

The second is, do not make any mistakes when creating a web site using Ispconfig. If you do make a mistake and try again Ispconfig adds one to the web site and by the time you create a “good” site it is web3 or web4. I am not sure if the implicit save is a good thing for my bad typing.

Click to expand...

Whats the problem with that? Websites are referenced in ISPConfig by the domain, the web ID's are only for internal use in ISPConfig.

Also, is there a problem if I use the newest version of phpMyAdmin? I noticed that the current version is several versions ahead of the one I have been using.

Click to expand...

You can use any version you want. But make sure you configure it correctly. Have a look in the config file that ISPConfig uses for PHPMyAdmin.

I have added the public SSL certificate and when I reboot apache2 it asks for the passphrase, when entered apache2 starts OK, so it looks like apache2 knows there is a valid SSL certificate.

Click to expand...

I guess you dont added the certificate with ISPCOnfig, beacuse ISPConfig makes sure the the certificates dont ask for the password when you restart apache. If you setup an SSL certificate manually you have to select "n" in steps 6 and 7 of the openSSL certificate setup.

Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings. I do not know how to make these changes in Ispconfig, so I must edit the file directly.

Click to expand...

On the "Basis" tab of a web site in ISPConfig, there's the field "Apache Directives" where you can put your additional directives.

I do use the excellent howtos at howtoforge to install Suse 10 and Ispconfig. Without them I would be unable to begin learning the process for setting up an ISP. Most of my frustrations are caused by “operator error” and the fact I am in a learning phase.

My problem with the changing web site names is I am using Dreamweaver to program and implement the web site. In order to help me keep things straight, I setup a web1 (or webx) user to access the server for publishing and testing the site. Admittedly this is probably my problem, I must figure out a better way to coordinate these packages.

Unfortunately when I originally setup the certificate for the www.amg01.info domain I installed it with a passphrase. I will reissue the certificate when everything is working. My entering the passphrase when rebooting apache2 is not a major problem at this time. I was concerned that I entered the certificate correctly and the fact that apache2 recognizes it makes me think I did it correctly.

The Firefox alert message I get is: The operation timed out when attempting to contact www.amg01.info.

IE alert through Microsoft Word when trying to connect to the https side is: Unable to open https://www.amg01.info/ Cannot locate the Internet server or proxy server.

My problem with the changing web site names is I am using Dreamweaver to program and implement the web site. In order to help me keep things straight, I setup a web1 (or webx) user to access the server for publishing and testing the site. Admittedly this is probably my problem, I must figure out a better way to coordinate these packages.

Click to expand...

I'am using dreamweaver too for managing my sites. I do not enter a sitename at all in dreamweaver. Can you describe where you get the problems with using dreamweaver and i will try to help you.

Unfortunately when I originally setup the certificate for the www.amg01.info domain I installed it with a passphrase. I will reissue the certificate when everything is working. My entering the passphrase when rebooting apache2 is not a major problem at this time. I was concerned that I entered the certificate correctly and the fact that apache2 recognizes it makes me think I did it correctly.

The Firefox alert message I get is: The operation timed out when attempting to contact www.amg01.info.

IE alert through Microsoft Word when trying to connect to the https side is: Unable to open https://www.amg01.info/ Cannot locate the Internet server or proxy server.

If you want to add an SSL enabled site in ISPConfig, check the SSL checkbox on the basis tab. Then save the website. If you pen it again, ypu have a new SSL tab, where you can enter the details for thecertificate, there you can chose "Create certificate" and ISPConfig does all the steps nescessary for creating a valid cert for you.

When I set-up a remote site for publishing my web application in Dreamweaver, I also setup a user. This user must have all the appropriate privileges for the particular site in order for me to publish and test (I also setup the server as a test server). Since I have multiple virtual sites on the web server, I use multiple users identified in Dreamweaver (and the operating system) as user web1, web2 and so forth. I set-up a user based on the virtual host directory, that is if my site in ISPConfig is web1 I have a web1 user, but if I reinstall (using ISPConfig) I may get the web site identified as web3 (because I made mistakes setting up the site). When this happens then the Dreamweaver interface will not connect to the server for publishing or as a test server unless I fix all permissions for the Dreamweaver user or create a new user. I setup multiple users to protect one user site from another based on the operating systems permissions. Theoretically each web site could be maintained by a different developer each one protected from the others. Maybe there is a better way to do this or maybe I do not understand things correctly.

This is what I think for the https issue.

After, I applied and received the certificate from the CA. I used the information to install from ISPConfig. Then I copied the .crt and .key files to the appropriate directory. I thought I read somewhere in this forum that was the procedure to use if you already had the .crt and .key files. If my .crt and .key files are in the correct directory and they are specified in the /etc/apache2/vhosts/Vhosts_ispconfig.conf shouldn’t I be able to access the virtual host?

When I set-up a remote site for publishing my web application in Dreamweaver, I also setup a user. This user must have all the appropriate privileges for the particular site in order for me to publish and test (I also setup the server as a test server). Since I have multiple virtual sites on the web server, I use multiple users identified in Dreamweaver (and the operating system) as user web1, web2 and so forth. I set-up a user based on the virtual host directory, that is if my site in ISPConfig is web1 I have a web1 user, but if I reinstall (using ISPConfig) I may get the web site identified as web3 (because I made mistakes setting up the site). When this happens then the Dreamweaver interface will not connect to the server for publishing or as a test server unless I fix all permissions for the Dreamweaver user or create a new user. I setup multiple users to protect one user site from another based on the operating systems permissions. Theoretically each web site could be maintained by a different developer each one protected from the others. Maybe there is a better way to do this or maybe I do not understand things correctly.

Click to expand...

For each web site you must create an admin user in ISPConfig, and then you can use this admin user in Dreamweaver to connect to the site with FTP. The web site IDs do not have to be the same on different ISPConfig installations, as you've already recognized.

senzapaura said:

This is what I think for the https issue.

After, I applied and received the certificate from the CA. I used the information to install from ISPConfig. Then I copied the .crt and .key files to the appropriate directory. I thought I read somewhere in this forum that was the procedure to use if you already had the .crt and .key files. If my .crt and .key files are in the correct directory and they are specified in the /etc/apache2/vhosts/Vhosts_ispconfig.conf shouldn’t I be able to access the virtual host?

Click to expand...

Normally you check the SSL check box on a web site's "Basis" tab in ISPConfig, then you go to the SSL tab and create a new certificate. You copy the csr (certificate signing request) from the text box and send it to your CA which then sends you an official certificate which you copy into the certificate text box. You save that certificate, and you're finished.

However, I get the impression that your Apache isn't able to speak https because of missing modules. Please post the output of

Yes, looks like that... But it's possible that Apache is configured to listen on port 443, but without SSL support...
Which distribution are you using? Did you follow any of the "Perfect Setup" tutorials?

I followed the perfect setup described in howtoforge for a Suse 10 implementation. I tried to setup apache2 and PHP5 as described starting on page 5 of this perfect setup.

Version Apache/2.0.54 (Linux/SUSE)s -

While checking to see how apache was running I executed the following commands, trying to make sure ssl was running. The results follow:

amgsrv1:~ # /etc/init.d/apache2 stop
Shutting down httpd2 (waiting for all children to terminate) done
amgsrv1:~ # /etc/init.d/apache2 startssl
Starting httpd2 (prefork) Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

It looks OK to me but maybe you can see a problem. In fact it looks to me like it is supposed to be going to SSL for the server I am trying to reach via SSL.
I have tried looking at the SSL certificate using the openssl command. Maybe I have a mistake here?

Why have you created encrypted SSL certificates. Its not described in the howto and this is what stops your server. Remove the config part that that you added which is not described in the howto. ISPConfig will manage the SSL certs for you properly.